Posted
by
timothy
on Sunday May 01, 2011 @06:04PM
from the translucency-failure dept.

WrongSizeGlass writes "The LA Times is reporting that Sony has revealed that 10 million credit card accounts may have been exposed two weeks ago when a hacker broke into the company's computers in San Diego and stole data from 77 million PlayStation Network accounts. Sony said it will provide credit card protection services for the 10 million customers whose data were compromised. Sony last week said it had encrypted credit card data, but not other account information, including names, addresses, email addresses and birth dates."

There's a bigger problem... If a system is sufficiently compromised, the attacker gets the encrypted card data, the encryption algorithm, and the keys (my favorite variation is where the database has a decryption stored procedure). We learned long ago to keep all encrypted card data in systems that have no users access and to only keep surrogate keys in transactional systems. For example, in our equivalent of the PlayStation Network, your credit card number would be stored as a meaningless number like "127". In order to process a transaction against the card, "127" and the transaction data is passed to the credit card system, where the credit card system looks up the real encrypted credit card number, decrypts it, and charges it. You could make the argument that we've simply moved the problem, but the credit card system is much easier to secure since no customer or even employee should ever be able to send a packet to it -- only a handful of controlled system can. Sure, if the transactional system is compromised, the attacker can process cards with our system, but as soon as we kick them out, the card data is useless to them.

As for the cryptanalysis problem, simply use a salt the same size as the card number and XOR the card number with it. Presto, perfectly random looking plain text with no (new) differential cryptanalysis vulnerabilities. You don't even need to do this if you use proper initialization vectors and a block cipher in CBC mode